bogleheads.org attacked - some accounts hijacked

Postby Alex Frakt » Tue May 08, 2012 1:10 am

update - the attacker did manage to figure out the passwords on several accounts. All of the accounts used very basic passwords like "stocks" or "bogleheads". Please change your password if it doesn't meet the guidelines below or if you have any concerns. See this response on page 2 of this thread for more details: viewtopic.php?f=3&t=96039&start=50#p1395370

Someone has been attempting a brute force attack run through anonymous proxy servers to try to guess user passwords on our site. They have not been successful and we are actively responding to the attacks to make sure it stays that way. To give a little more detail, someone has written a program that runs through the member list and attempts to log in to each user's account by entering random passwords. In anticipation of such attacks, our software only allows a small number of missed passwords before taking steps to lock out the attacker. We are now taking additional steps to keep this from interrupting the site; I don't want to go into the specifics of this for obvious reasons.

The question is what should you, our members, do about this. In most cases the answer is nothing. The attacker has not gotten into our database or successfully infiltrated anyone's account. The only effect it will have on you is that, until this is over, you may be asked to answer a simple question along with entering your username and password when logging in. The text of the message you will see if this is the case is "You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to solve the CAPTCHA below."

Should you change your password? This attack does not create a specific need to change your password. However, if you broke any of the following rules of thumb when initially creating your password, you might want to take this opportunity to create something more secure. Again this is not something tied to the attack, it's just a generally good idea to follow these password guidelines:

These guidelines are based on analyses of lists of passwords posted by hackers who have successfully broken into various commercial web sites.

- Don't use a basic keyboard pattern or alphanumeric like qwerty or 123456 or abc123.
- Don't use common first or last names, the site name, your username or your e-mail address.
- Don't use password (or passw0rd), letmein, iloveyou or common terms of endearment like honey, princess or (for some reason) monkey.

And the most important rule:

- Don't use the same password for general sites (like ours) that you use for sites like banks and brokerages.

If you do want to change your password, click User Control Panel (it's a couple of lines under the Bogleheads logo at top left), then the Profile tab, then Edit Account Settings. Here's a direct link: http://www.bogleheads.org/forum/ucp.php?i=profile&mode=reg_details. While you are on that page, please check that the e-mail address we have for you is still valid. If you are locked out or forget your password, that's where the reset message will go.

edit - in addition to the ones mentioned above, here's a list of the passwords that have been hit in similar attacks
000000 abc123 aeiou angel asdf1 asdfg ashley babygirl baseball baseball1 batman blahblah cheese christ computer daniel dragon football freedom fuck fucked fuckyou grace iloveyou iloveyou1 iloveyou2 internet jessica jesus jesus1 jordan killer letmein love master matrix maverick michael michelle monkey mustang nicole nintendo passw0rd Password password1 pepper pokemon princess pussy qazwsx qwerty1 secret shadow single soccer starwards sunshine superman susan swordfish testing tigger trustno1 victory welcome whatever 1234 4321 6969 12345 54321 111111 121212 123123 654321 666666 1111111 7654321 7777777 87654321 123456789
Alex Frakt
Founder
 
Posts: 9525
Joined: Fri Feb 23, 2007 2:06 pm
Location: Chicago
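
Added example (not part of the original post or of the forum software): the password guidelines above expressed as a Python check. The word lists are a small constructed sample, and the site terms and function names are assumptions made for illustration.

```python
import re

# Constructed sample drawn from the words the post names; a real check
# would load a much larger list of breached passwords.
COMMON_PASSWORDS = {
    "password", "letmein", "iloveyou", "honey", "princess", "monkey",
    "qwerty", "123456", "abc123", "swordfish", "trustno1",
}

# Assumed site-related terms: the post reports "stocks" and "bogleheads"
# being guessed; "bogle" matches the site name and anything built on it.
SITE_TERMS = ("bogle", "stocks")

# Keyboard rows plus the alphabet, used to spot runs such as "asdfg" or "12345".
SEQUENCES = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz")

# Undo simple character swaps so "passw0rd" is treated as "password".
LEET = str.maketrans("013457@$", "oleastas")


def _is_sequence(run):
    """True if one run of letters or digits is a row walk or a repetition."""
    if len(run) < 3:
        return False
    if len(set(run)) == 1:                      # "111111"
        return True
    if any(run in seq or run in seq[::-1] for seq in SEQUENCES):
        return True                             # "qwerty", "54321"
    return any(                                 # "121212", "123123"
        len(run) % n == 0 and len(run) // n >= 2 and run == run[:n] * (len(run) // n)
        for n in (2, 3)
    )


def is_keyboard_pattern(password):
    """True if every letter/digit run in the password is a simple sequence."""
    runs = re.findall(r"[a-z]+|[0-9]+|[^a-z0-9]+", password.lower())
    return bool(runs) and all(_is_sequence(run) for run in runs)


def check_password(password, username, email):
    """Return the list of guidelines the password breaks (empty if none)."""
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    # Drop leading/trailing digits and symbols: "Monkey1234" -> "monkey".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered).translate(LEET)

    reasons = []
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        reasons.append("common password")
    if is_keyboard_pattern(password):
        reasons.append("keyboard or alphanumeric pattern")
    if any(term in normalized for term in SITE_TERMS):
        reasons.append("site-related word")
    identity = {username.lower(), email.lower(), email.lower().split("@")[0]}
    if any(len(token) >= 3 and token in lowered for token in identity):
        reasons.append("based on username or e-mail address")
    return reasons


if __name__ == "__main__":
    for candidate in ("passw0rd", "Monkey1234", "stocks2012", "plum-violin-harbor-73"):
        print(candidate, check_password(candidate, "jsmith", "jsmith@example.com"))
```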

Re: bogleheads.org under attack - may cause login problems

Postby Mrs.Feeley » Tue May 08, 2012 1:25 am

Thank you for the update. The obvious question is why would anyone want to attack a message forum such as this one? To use it to send out phishing spam? To learn e-mail addresses and perhaps names of people with Vanguard accounts? Or perhaps they're just misguided about the potential value of such a hacking enterprise.

I got the log-on error message last night.
Mrs.Feeley
 
Posts: 509
Joined: Sat Nov 12, 2011 3:52 am

Re: bogleheads.org under attack - may cause login problems

Postby Renaissance Man » Tue May 08, 2012 1:38 am

Man Your Battle Stations!
Renaissance Man
 
Posts: 51
Joined: Mon Oct 24, 2011 2:30 pm

Re: bogleheads.org under attack - may cause login problems

Postby Simplegift » Tue May 08, 2012 1:45 am

Good job, Alex. Thanks for keeping us informed of developments.
Cordially, Todd
Simplegift
 
Posts: 1228
Joined: Tue Feb 08, 2011 4:45 pm
Location: Central Oregon

Re: bogleheads.org under attack - may cause login problems

Postby Alex Frakt » Tue May 08, 2012 1:58 am

Mrs.Feeley wrote:Thank you for the update. The obvious question is why would anyone want to attack a message forum such as this one? To use it to send out phishing spam? To learn e-mail addresses and perhaps names of people with Vanguard accounts? Or perhaps they're just misguided about the potential value of such a hacking enterprise.

I got the log-on error message last night.

I have seen reports of other message boards getting hit with the same thing. Here's the first official report on it from the people who created our forum software - http://www.phpbb.com/community/viewtopi ... &t=1947925

The speculation is that this may be the next step by spammers. We've gotten pretty good at keeping spammers out through techniques like requiring moderator approval of the first post from new members and not allowing images or links in a member's first few posts. But if a spammer can login as an established user, they could flood the forum with spam until the moderators get around to manually cleaning it off. Since they only get a few chances per username, it's unlikely to be very effective, but since it's all automated and, no doubt, run through compromised computers, it costs the spammer very little to try.
Alex Frakt
Founder
 
Posts: 9525
Joined: Fri Feb 23, 2007 2:06 pm
Location: Chicago

Re: bogleheads.org under attack - may cause login problems

Postby Alex Frakt » Tue May 08, 2012 2:26 am

More research. Here's a list of the passwords being used during a similar attack on another phpbb board. If any of these are your password, you should probably change it. Note that even if you do use one of these, the attacker was only able to try a handful of times before being locked out, so you are probably still OK.

000000 abc123 aeiou angel asdf1 asdfg ashley babygirl baseball baseball1 batman blahblah cheese christ computer daniel dragon football freedom fuck fucked fuckyou grace iloveyou iloveyou1 iloveyou2 internet jessica jesus jesus1 jordan killer letmein love master matrix maverick michael michelle monkey mustang nicole nintendo passw0rd Password password1 pepper pokemon princess pussy qazwsx qwerty1 secret shadow single soccer starwards sunshine superman susan swordfish testing tigger trustno1 victory welcome whatever 1234 4321 6969 12345 54321 111111 121212 123123 654321 666666 1111111 7654321 7777777 87654321 123456789
Alex Frakt
Founder
 
Posts: 9525
Joined: Fri Feb 23, 2007 2:06 pm
Location: Chicago

Re: bogleheads.org under attack - may cause login problems

Postby xerty24 » Tue May 08, 2012 4:47 am

Alex Frakt wrote:000000 abc123 aeiou angel asdf1 asdfg ashley babygirl baseball baseball1 batman blahblah cheese christ computer daniel dragon football freedom fuck fucked fuckyou grace iloveyou iloveyou1 iloveyou2 internet jessica jesus jesus1 jordan killer letmein love master matrix maverick michael michelle monkey mustang nicole nintendo passw0rd Password password1 pepper pokemon princess pussy qazwsx qwerty1 secret shadow single soccer starwards sunshine superman susan swordfish testing tigger trustno1 victory welcome whatever 1234 4321 6969 12345 54321 111111 121212 123123 654321 666666 1111111 7654321 7777777 87654321 123456789

And I thought surely no one would guess my long passphrase with 50+ unrelated words and numbers. Guess it's time to go back to Monkey1234 ;).
No excuses, no regrets.
xerty24
 
Posts: 4830
Joined: Tue May 15, 2007 4:43 pm

Re: bogleheads.org under attack - may cause login problems

Postby Pacific » Tue May 08, 2012 5:05 am

Password


Really??
Pacific
 
Posts: 1131
Joined: Tue Mar 06, 2007 9:19 pm
Location: Lost in the middle of the Pacific

Re: bogleheads.org under attack - may cause login problems

Postby nisiprius » Tue May 08, 2012 6:14 am

Pacific wrote:
Password
Really??

Really. Probably a common reaction of users to being told "type password." I think it's usually cluelessness plain and simple, not misplaced cleverness.

I recognize the "swordfish" reference but I have to wonder how common it really is. (Bad movie with hackers-as-heroes).
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
nisiprius
Advisory Board
 
Posts: 25526
Joined: Thu Jul 26, 2007 10:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: bogleheads.org under attack - may cause login problems

Postby VictoriaF » Tue May 08, 2012 6:29 am

Alex Frakt wrote:More research. Here's a list of the passwords being used during a similar attack on another phpbb board. If any of these are your password, you should probably change it. Note that even if you do use one of these, the attacker was only able to try a handful of times before being locked out, so you are probably still OK.

victory


Close call ;-)

Victoria
Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
VictoriaF
 
Posts: 12100
Joined: Tue Feb 27, 2007 8:27 am
Location: Black Swan Lake

Re: bogleheads.org under attack - may cause login problems

Postby sscritic » Tue May 08, 2012 6:37 am

VictoriaF wrote:
Alex Frakt wrote:victory

Close call ;-)

Victoria

Victor Victoria eh? Now which is the password?
sscritic
 
Posts: 21863
Joined: Thu Sep 06, 2007 9:36 am

Re: bogleheads.org under attack - may cause login problems

Postby Toons » Tue May 08, 2012 6:51 am

Thanks for the update :happy
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee
Toons
 
Posts: 4280
Joined: Fri Nov 21, 2008 11:20 am
Location: Hills of Tennessee

Re: bogleheads.org under attack - may cause login problems

Postby VictoriaF » Tue May 08, 2012 7:13 am

sscritic wrote:
VictoriaF wrote:
Alex Frakt wrote:victory

Close call ;-)

Victoria

Victor Victoria eh? Now which is the password?


You can try all three. :wink: On second thought, please don't. Otherwise, I will be asked to solve a CAPTCHA for the rest of my life.

Victoria
Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
VictoriaF
 
Posts: 12100
Joined: Tue Feb 27, 2007 8:27 am
Location: Black Swan Lake

Re: bogleheads.org under attack - may cause login problems

Postby FabLab » Tue May 08, 2012 7:50 am

Thanks, Alex, for the update. Please let us know if there's any way we can help out.

Cheers
The fundamental things apply as time goes by -- Herman Hupfeld
FabLab
 
Posts: 1090
Joined: Mon Oct 18, 2010 1:15 pm

Re: bogleheads.org under attack - may cause login problems

Postby VictoriaF » Tue May 08, 2012 7:57 am

FabLab wrote:Thanks, Alex, for the update. Please let us know if there's any way we can help out.


We can guess Alex' password and do his job while he sleeps.

Victoria
Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
VictoriaF
 
Posts: 12100
Joined: Tue Feb 27, 2007 8:27 am
Location: Black Swan Lake

Re: bogleheads.org under attack - may cause login problems

Postby SSSS » Tue May 08, 2012 8:17 am

Alex Frakt wrote:pepper pokemon princess pussy


How did they know the name of my cat??
SSSS
 
Posts: 1866
Joined: Fri Jun 18, 2010 12:50 pm

Re: bogleheads.org under attack - may cause login problems

Postby VictoriaF » Tue May 08, 2012 8:55 am

SSSS wrote:
Alex Frakt wrote:pepper pokemon princess pussy


How did they know the name of my cat??


Wikipedia about Pokémon wrote:The concept of the Pokémon universe, in both the video games and the general fictional world of Pokémon, stems from the hobby of insect collecting, a popular pastime which Pokémon executive director Satoshi Tajiri-Oniwa enjoyed as a child.


Is your cat fond of collecting insects, or is your hobby collecting insects from your cat?

Victoria
Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
VictoriaF
 
Posts: 12100
Joined: Tue Feb 27, 2007 8:27 am
Location: Black Swan Lake

Re: bogleheads.org under attack - may cause login problems

Postby FabLab » Tue May 08, 2012 8:56 am

SSSS wrote:
Alex Frakt wrote:pepper pokemon princess pussy


How did they know the name of my cat??


Easy. Alliteration was the next thing to expect after a repetitively lettered user name :D
The fundamental things apply as time goes by -- Herman Hupfeld
FabLab
 
Posts: 1090
Joined: Mon Oct 18, 2010 1:15 pm

Re: bogleheads.org under attack - may cause login problems

Postby prudent » Tue May 08, 2012 9:00 am

nisiprius wrote:I recognize the "swordfish" reference but I have to wonder how common it really is. (Bad movie with hackers-as-heroes).


The use of "swordfish" as a password started in the Marx Brothers movie Horse Feathers, way back in 1932! :)
prudent
 
Posts: 1234
Joined: Fri May 20, 2011 3:50 pm

Re: bogleheads.org under attack - may cause login problems

Postby retiredjg » Tue May 08, 2012 9:47 am

Thanks Alex. We can always depend on you!
retiredjg
 
Posts: 17767
Joined: Thu Jan 10, 2008 1:56 pm

CAPTCHA ?

Postby Taylor Larimore » Tue May 08, 2012 10:10 am

What does "CAPTCHA" mean (too lazy to go to Google)?

Thank you and best wishes.
Taylor
"Simplicity is the master key to financial success." -- Jack Bogle
Taylor Larimore
Advisory Board
 
Posts: 20025
Joined: Tue Feb 27, 2007 9:09 pm
Location: Miami FL

Re: CAPTCHA ?

Postby VictoriaF » Tue May 08, 2012 10:15 am

Taylor Larimore wrote:What does "CAPTCHA" mean (too lazy to go to Google)?

Thank you and best wishes.
Taylor


Hi Taylor,

CAPTCHA is some text written in a jagged way, or partly shaded, or using different fonts and sizes, or some combination of these -- so that a human can read it but text-recognition software would get confused. The human then types what he has read into a box to prove that he is a human.

Victoria
Last edited by VictoriaF on Tue May 08, 2012 10:18 am, edited 1 time in total.
Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
VictoriaF
 
Posts: 12100
Joined: Tue Feb 27, 2007 8:27 am
Location: Black Swan Lake

Re: CAPTCHA ?

Postby Peculiar_Investor » Tue May 08, 2012 10:18 am

Taylor Larimore wrote:What does "CAPTCHA" mean (too lazy to go to Google)?

Thank you and best wishes.
Taylor

"Completely Automated Public Turing test to tell Computers and Humans Apart" per CAPTCHA - Wikipedia.

Also see Luis von Ahn: Massive-scale online collaboration | Video on TED.com, for an interesting talk from the inventor.
Peculiar_Investor
 
Posts: 410
Joined: Thu Oct 20, 2011 1:23 am
Location: Calgary, AB

Re: bogleheads.org under attack - may cause login problems

Postby baw703916 » Tue May 08, 2012 10:24 am

CAPTCHA refers to a random word or phrase (typically written in some nonstandard, not easily machine-readable script--although that isn't the case in this site's implementation). The person trying to log in is asked to type in the word displayed--so a bot trying to enter the site would have to not only know the password, but be able to respond in real time to what the page displays.

Thanks to the previous poster for explaining how the term originated.
Most of my posts assume no behavioral errors.
baw703916
 
Posts: 5677
Joined: Sun Apr 01, 2007 2:10 pm
Location: Northern Virginia

Quick replies !

Postby Taylor Larimore » Tue May 08, 2012 10:33 am

Bogleheads:

Thank you for the quick answer to my question.

Best wishes.
Taylor
"Simplicity is the master key to financial success." -- Jack Bogle
Taylor Larimore
Advisory Board
 
Posts: 20025
Joined: Tue Feb 27, 2007 9:09 pm
Location: Miami FL

Re: bogleheads.org under attack - may cause login problems

Postby porcupine » Tue May 08, 2012 10:43 am

VictoriaF wrote:
sscritic wrote:
VictoriaF wrote:
Alex Frakt wrote:victory

Close call ;-)

Victoria

Victor Victoria eh? Now which is the password?


You can try all three. :wink: On second thought, please don't. Otherwise, I will be asked to solve a CAPTCHA for the rest of my life.

Victoria

Wisecrack #1: Well, will help keep your math skills up-to-date.
Wisecrack #2: At least it is just a CAPTCHA not a Sudoku!! :wink:

- Porcupine
porcupine
 
Posts: 1263
Joined: Thu Nov 04, 2010 12:05 pm

Re: bogleheads.org under attack - may cause login problems

Postby VictoriaF » Tue May 08, 2012 10:50 am

porcupine wrote:
VictoriaF wrote:
sscritic wrote:
VictoriaF wrote:
Alex Frakt wrote:victory

Close call ;-)

Victoria

Victor Victoria eh? Now which is the password?


You can try all three. :wink: On second thought, please don't. Otherwise, I will be asked to solve a CAPTCHA for the rest of my life.

Victoria

Wisecrack #1: Well, will help keep your math skills up-to-date.
Wisecrack #2: At least it is just a CAPTCHA not a Sudoku!! :wink:

- Porcupine


I prefer SET to Sudoku.

"Alzheimer's" would make a good password. By typing it often enough one may avoid the disease itself.

Victoria
Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
VictoriaF
 
Posts: 12100
Joined: Tue Feb 27, 2007 8:27 am
Location: Black Swan Lake

Re: CAPTCHA ?

Postby SSSS » Tue May 08, 2012 12:13 pm

Taylor Larimore wrote:What does "CAPTCHA" mean (too lazy to go to Google)?


Basically it works like this:

Image
SSSS
 
Posts: 1866
Joined: Fri Jun 18, 2010 12:50 pm

Re: bogleheads.org under attack - may cause login problems

Postby Lbill » Tue May 08, 2012 12:19 pm

Is HACKER an acceptable password? :happy
"Life can only be understood backward; but it must be lived forward." ~ Søren Kierkegaard | | "You can't connect the dots looking forward; but only by looking backwards." ~ Steve Jobs
Lbill
 
Posts: 4997
Joined: Fri Mar 14, 2008 12:25 am
Location: Somewhere between Up and Down

Re: bogleheads.org under attack - may cause login problems

Postby Remy Winchester » Tue May 08, 2012 12:24 pm

LMAO @ the "F" Series of password attempts, 8-)
Remy Winchester
 
Posts: 49
Joined: Sat Jun 04, 2011 3:31 pm
Location: Carolina

Re: bogleheads.org under attack - may cause login problems

Postby mind_boggled » Tue May 08, 2012 1:04 pm

This is what we get for talking bad about high frequency trading. We have angered the machines.
mind_boggled
 
Posts: 29
Joined: Sat Jul 16, 2011 5:39 pm

Re: bogleheads.org under attack - may cause login problems

Postby goggles » Tue May 08, 2012 1:23 pm

Alex, thanks for dealing with this stuff.

I hope you liked the Turing test joke!
goggles
 
Posts: 744
Joined: Tue Feb 20, 2007 9:38 am

Re: bogleheads.org under attack - may cause login problems

Postby tludwig23 » Tue May 08, 2012 1:38 pm

Arg, had to solve the CAPTCHA to log in. Hopefully won't have to do this every time.

Thanks for the warning and explanations, Alex.
"I do not regard a broker as a member of the human race." Honore de Balzac (1799-1850)
tludwig23
 
Posts: 994
Joined: Thu Dec 30, 2010 4:27 pm
Location: Bellingham, WA, near the Salish Sea

Re: CAPTCHA ?

Postby rob » Tue May 08, 2012 2:26 pm

VictoriaF wrote:
Taylor Larimore wrote:What does "CAPTCHA" mean (too lazy to go to Google)?

Thank you and best wishes.
Taylor


Hi Taylor,

CAPTCHA is some text written in a jagged way, or partly shaded, or using different fonts and sizes, or some combination of these -- so that a human can read it but text-recognition software would get confused. The human then types what he has read into a box to prove that he is a human.

Victoria

Except I am always getting the damn things wrong...... and no colour blindness or anything else.... I far prefer the maths based ones that require an answer :-/
| Rob | It's a dangerous business going out your front door. - J.R.R.Tolkien
rob
 
Posts: 1735
Joined: Mon Feb 19, 2007 7:49 pm
Location: Here

Re: bogleheads.org under attack - may cause login problems

Postby speedbump101 » Tue May 08, 2012 2:30 pm

VictoriaF wrote:
FabLab wrote:Thanks, Alex, for the update. Please let us know if there's any way we can help out.


We can guess Alex' password and do his job while he sleeps.

Victoria


'sleepdeprived' :-)

SB...
"Man is not a rational animal, he is a rationalizing animal" -Robert A. Heinlein
speedbump101
 
Posts: 975
Joined: Thu Oct 18, 2007 11:54 pm
Location: Alberta Canada

Re: bogleheads.org under attack - may cause login problems

Postby JPH » Tue May 08, 2012 2:52 pm

When I click on the Bogleheads link in my Favorites menu, I'm logged in automatically. I don't type in my user name and password every time. Is there any increased risk associated with this practice?
JPH
 
Posts: 270
Joined: Mon Jun 27, 2011 9:56 pm

Re: CAPTCHA ?

Postby nisiprius » Tue May 08, 2012 3:25 pm

rob wrote:Except I am always getting the damn things wrong...

Indeed. In my case, I believe it to be partly age-related cognitive deterioration. I sometimes have to request three CAPTCHAs before I get one I can perceive correctly. The method used here at the Bogleheads site is merciful.

But I think it is also because the CAPTCHA developers are losing the arms race against the automated CAPTCHA and the CAPTCHAs are getting harder and harder. And I've heard that there is now a cheap-labor market for CAPTCHA solvers, much as there is for "gold mining" (acquiring resources in on-line multiplayer games and selling them for real money to other players).

I don't think the bad guys are clever enough to do site-specific password guessing, but I would suggest that people avoid passwords that have any relationship to the name of our mentor.
Last edited by nisiprius on Tue May 08, 2012 3:26 pm, edited 1 time in total.
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
nisiprius
Advisory Board
 
Posts: 25526
Joined: Thu Jul 26, 2007 10:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: bogleheads.org under attack - may cause login problems

Postby Alex Frakt » Tue May 08, 2012 3:26 pm

JPH wrote:When I click on the Bogleheads link in my Favorites menu, I'm logged in automatically. I don't type in my user name and password every time. Is there any increased risk associated with this practice?

Not from this. If you choose to autologin, we store a cookie on your computer that tells us your username and that you want to skip the login process; we do not store your actual password on your computer. The only potential security problem is that someone who has direct access to your computer could post under your username or edit your existing posts. They could also see your profile information, but that only gives them your e-mail address which they would presumably be able to get anyway since they are in physical possession of your computer. If they wanted to change your password or e-mail address, they would need to enter your current password regardless of the login setting.
Alex Frakt
Founder
 
Posts: 9525
Joined: Fri Feb 23, 2007 2:06 pm
Location: Chicago

Re: bogleheads.org under attack - may cause login problems

Postby LynnC » Tue May 08, 2012 3:31 pm

I have auto log in, also!

Thanks for keeping us posted, Alex. I suddenly realized my passwords aren't very creative! I got a chuckle out of a few of them..

LynnC
LynnC
 
Posts: 748
Joined: Thu Mar 01, 2007 8:01 pm
Location: California

Re: bogleheads.org under attack - may cause login problems

Postby baw703916 » Tue May 08, 2012 3:36 pm

nisiprius wrote:
Pacific wrote:
Password
Really??
Really. Probably a common reaction of users to being told "type password." I think it's usually cluelessness plain and simple, not misplaced cleverness.


Must be akin to "Speak friend and enter" from Tolkien.
Most of my posts assume no behavioral errors.
baw703916
 
Posts: 5677
Joined: Sun Apr 01, 2007 2:10 pm
Location: Northern Virginia

Re: CAPTCHA ?

Postby Alex Frakt » Tue May 08, 2012 3:37 pm

VictoriaF wrote:
Taylor Larimore wrote:What does "CAPTCHA" mean (too lazy to go to Google)?

CAPTCHA is some text written in a jagged way, or partly shaded, or using different fonts and sizes, or some combination of these -- so that a human can read it but text-recognition software would get confused. The human then types what he has read into a box to prove that he is a human.

The most common CAPTCHA tests are the irregular text ones, but they can be anything that tries to distinguish humans from robots (software). I don't like the text CAPTCHAs, so we don't use them on this forum. Instead we ask a simple question and the respondent has to fill in the answer. The bot that is attacking us is pretty unsophisticated, it doesn't even try to answer the question.
Alex Frakt
Founder
 
Posts: 9525
Joined: Fri Feb 23, 2007 2:06 pm
Location: Chicago
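
Added example (not the forum's actual code): a per-account counter of failed logins that demands the question-style CAPTCHA described in this thread once a small number of guesses has failed, whichever address they came from. The threshold, time window, account name, addresses and CAPTCHA answer are constructed assumptions.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 3        # assumed; the thread only says "a small number"
WINDOW_SECONDS = 3600   # assumed window in which failures are counted
CAPTCHA_MESSAGE = ("You exceeded the maximum allowed number of login attempts. "
                   "In addition to your username and password you now also "
                   "have to solve the CAPTCHA below.")


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGuard:
    """Counts failures per account, so rotating source addresses does not help."""

    def __init__(self, captcha_answer, clock=time.time):
        self.users = {}       # username -> (salt, password hash)
        self.failures = {}    # username -> [(timestamp, source_ip), ...]
        self.captcha_answer = captcha_answer.lower()
        self.clock = clock

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, _hash(password, salt))

    def _recent(self, username):
        cutoff = self.clock() - WINDOW_SECONDS
        recent = [f for f in self.failures.get(username, []) if f[0] >= cutoff]
        self.failures[username] = recent
        return recent

    def captcha_required(self, username):
        return len(self._recent(username)) >= MAX_FAILURES

    def sources(self, username):
        """Distinct addresses behind the recent failures (useful for alerting)."""
        return {ip for _, ip in self._recent(username)}

    def login(self, username, password, source_ip, captcha=None):
        """Return "ok", "bad_credentials" or "captcha_required"."""
        if self.captcha_required(username):
            if captcha is None or captcha.strip().lower() != self.captcha_answer:
                # The password is not evaluated at all, so a bot that ignores
                # the question learns nothing, even from a correct guess.
                self.failures[username].append((self.clock(), source_ip))
                return "captcha_required"
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        digest = _hash(password, salt)   # computed for unknown users as well
        if username in self.users and hmac.compare_digest(digest, stored):
            self.failures.pop(username, None)
            return "ok"
        self.failures.setdefault(username, []).append((self.clock(), source_ip))
        return "bad_credentials"


def replay(guesses, real_password="stocks"):
    """Replay constructed guesses at one account, each from a different address."""
    guard = LoginGuard(captcha_answer="four")   # e.g. "What is two plus two?"
    guard.add_user("member1", real_password)
    outcomes = [guard.login("member1", guess, f"203.0.113.{i + 1}")
                for i, guess in enumerate(guesses)]
    return guard, outcomes


if __name__ == "__main__":
    guard, outcomes = replay(["password", "letmein", "monkey", "stocks"])
    print(outcomes)
    print(CAPTCHA_MESSAGE)
```

Because the counter is keyed on the account rather than on the source address, switching proxies does not reset it. A password that falls within the first few guesses is still exposed, which matches the update at the top of the thread.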

Re: bogleheads.org under attack - may cause login problems

Postby Alex Frakt » Tue May 08, 2012 3:40 pm

retiredjg wrote:Thanks Alex. We can always depend on you!

Thanks, but the credit should go to Ladygeek and Mel for outlining the problem and Larry for coming up with the filtering solutions. My only job was to report what's going on to everyone.
Alex Frakt
Founder
 
Posts: 9525
Joined: Fri Feb 23, 2007 2:06 pm
Location: Chicago

Re: bogleheads.org under attack - may cause login problems

Postby Random Musings » Tue May 08, 2012 4:04 pm

Alex Frakt wrote:
retiredjg wrote:Thanks Alex. We can always depend on you!

Thanks, but the credit should go to Ladygeek and Mel for outlining the problem and Larry for coming up with the filtering solutions. My only job was to report what's going on to everyone.


Like we used to say at our research facility -

"Praise and Honor for the non-participants". :wink:

RM
Random Musings
 
Posts: 5035
Joined: Thu Feb 22, 2007 5:24 pm
Location: Pennsylvania

Re: bogleheads.org under attack - may cause login problems

Postby bourg » Tue May 08, 2012 4:23 pm

Whew - they didn't try correcthorsebatterystaple.

http://xkcd.com/936/
bourg
 
Posts: 63
Joined: Fri Mar 16, 2012 10:26 am
Location: Indianapolis, IN

Re: bogleheads.org under attack - may cause login problems

Postby retiredjg » Tue May 08, 2012 5:44 pm

Alex Frakt wrote:
retiredjg wrote:Thanks Alex. We can always depend on you!

Thanks, but the credit should go to Ladygeek and Mel for outlining the problem and Larry for coming up with the filtering solutions. My only job was to report what's going on to everyone.

Ok. Thanks to them too!
retiredjg
 
Posts: 17767
Joined: Thu Jan 10, 2008 1:56 pm

Re: CAPTCHA ?

Postby archbish99 » Tue May 08, 2012 5:51 pm

Alex Frakt wrote:
VictoriaF wrote:
Taylor Larimore wrote:What does "CAPTCHA" mean (too lazy to go to Google)?

CAPTCHA is some text written in a jagged way, or partly shaded, or using different fonts and sizes, or some combination of these -- so that a human can read it but text-recognition software would get confused. The human then types what he has read into a box to prove that he is a human.

The most common CAPTCHA tests are the irregular text ones, but they can be anything that tries to distinguish humans from robots (software). I don't like the text CAPTCHAs, so we don't use them on this forum. Instead we ask a simple question and the respondent has to fill in the answer. The bot that is attacking us is pretty unsophisticated, it doesn't even try to answer the question.

Saw a neat one recently that displayed five symbols and a giant circle, and directed the user to "drag the ____ onto the circle." Completely not compliant with accessibility requirements, but for those who are mouse-capable, a nice differentiator.

I also saw one a few years ago based on the fact that we're biologically wired to identify different species, so it pulled pictures from PetFinder and asked you to sort dogs vs. cats. :happy
I'm not a financial advisor, I just play one on the Internet.
archbish99
 
Posts: 1291
Joined: Fri Jun 10, 2011 7:02 pm

Re: bogleheads.org under attack - may cause login problems

Postby roymeo » Tue May 08, 2012 5:57 pm

bourg wrote:Whew - they didn't try correcthorsebatterystaple.

http://xkcd.com/936/


This was recently referenced in the Economist and someone wrote a letter in later to give xkcd credit for correct horse battery staple.
The sewer system is a form of welfare state. | -- "Libra", Don DeLillo
roymeo
 
Posts: 1004
Joined: Sat Apr 28, 2007 8:19 pm
Location: SF, CA

Re: bogleheads.org under attack - may cause login problems

Postby LonePrairie » Tue May 08, 2012 7:13 pm

Thank you for the update, Alex.
LonePrairie
 
Posts: 236
Joined: Sun Mar 04, 2007 9:20 pm
Location: Northern California

Re: CAPTCHA ?

Postby JPH » Fri May 18, 2012 5:35 pm

nisiprius wrote:I don't think the bad guys are clever enough to do site-specific password guessing, but I would suggest that people avoid passwords that have any relationship to the name of our mentor.

nisiprius, I made this mistake, and my account was hijacked.
JPH
 
Posts: 270
Joined: Mon Jun 27, 2011 9:56 pm

Re: CAPTCHA ?

Postby sscritic » Fri May 18, 2012 6:05 pm

JPH wrote:
nisiprius wrote:I don't think the bad guys are clever enough to do site-specific password guessing, but I would suggest that people avoid passwords that have any relationship to the name of our mentor.

nisiprius, I made this mistake, and my account was hijacked.

Wow! Who would have guessed that the bad guys would try nisiprius as a common password. That is the mentor of whom you speak, right?
sscritic
 
Posts: 21863
Joined: Thu Sep 06, 2007 9:36 am
